openSUSE-SLE-15.5-2022-2956
Recommended update for post-build-checks
moderate
SUSE Updates openSUSE-SLE 15.5
This update for post-build-checks is a test update for openSUSE Leap 15.5.
post-build-checks-84.87+git20220325.f46ef3c-150500.3.2.1.noarch.rpm
post-build-checks-84.87+git20220325.f46ef3c-150500.3.2.1.src.rpm
openSUSE-SLE-15.5-2022-4205
Security update for net-snmp
moderate
SUSE Updates openSUSE-SLE 15.5
This update for net-snmp fixes the following issues:
Updated to version 5.9.3 (bsc#1201103, jsc#SLE-11203):
- CVE-2022-24805: Fixed a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB that can cause an out-of-bounds memory access.
- CVE-2022-24809: Fixed a malformed OID in a GET-NEXT to the nsVacmAccessTable that can cause a NULL pointer dereference.
- CVE-2022-24806: Fixed an improper input validation when SETing malformed OIDs in master agent and subagent simultaneously.
- CVE-2022-24807: Fixed a malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable that can cause an out-of-bounds memory access.
- CVE-2022-24808: Fixed a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable that can cause a NULL pointer dereference.
- CVE-2022-24810: Fixed a malformed OID in a SET to the nsVacmAccessTable that can cause a NULL pointer dereference.
net-snmp-5.9.3-150300.15.3.1.src.rpm
net-snmp-5.9.3-150300.15.3.1.x86_64.rpm
net-snmp-devel-32bit-5.9.3-150300.15.3.1.x86_64.rpm
net-snmp-devel-5.9.3-150300.15.3.1.x86_64.rpm
perl-SNMP-5.9.3-150300.15.3.1.x86_64.rpm
python3-net-snmp-5.9.3-150300.15.3.1.x86_64.rpm
snmp-mibs-5.9.3-150300.15.3.1.x86_64.rpm
net-snmp-5.9.3-150300.15.3.1.s390x.rpm
net-snmp-devel-5.9.3-150300.15.3.1.s390x.rpm
perl-SNMP-5.9.3-150300.15.3.1.s390x.rpm
python3-net-snmp-5.9.3-150300.15.3.1.s390x.rpm
snmp-mibs-5.9.3-150300.15.3.1.s390x.rpm
net-snmp-5.9.3-150300.15.3.1.ppc64le.rpm
net-snmp-devel-5.9.3-150300.15.3.1.ppc64le.rpm
perl-SNMP-5.9.3-150300.15.3.1.ppc64le.rpm
python3-net-snmp-5.9.3-150300.15.3.1.ppc64le.rpm
snmp-mibs-5.9.3-150300.15.3.1.ppc64le.rpm
net-snmp-5.9.3-150300.15.3.1.aarch64.rpm
net-snmp-devel-5.9.3-150300.15.3.1.aarch64.rpm
perl-SNMP-5.9.3-150300.15.3.1.aarch64.rpm
python3-net-snmp-5.9.3-150300.15.3.1.aarch64.rpm
snmp-mibs-5.9.3-150300.15.3.1.aarch64.rpm
openSUSE-SLE-15.5-2023-419
Security update for nodejs18
moderate
SUSE Updates openSUSE-SLE 15.5
This update for nodejs18 fixes the following issues:
This update ships nodejs18 (jsc#PED-2097)
Update to NodeJS 18.13.0 LTS:
* build: disable v8 snapshot compression by default
* crypto: update root certificates
* deps: update ICU to 72.1
* doc:
+ add doc-only deprecation for headers/trailers setters
+ add Rafael to the tsc
+ deprecate use of invalid ports in url.parse
+ deprecate url.parse()
* lib: drop fetch experimental warning
* net: add autoSelectFamily and autoSelectFamilyAttemptTimeout options
* src:
+ add uvwasi version
+ add initial shadow realm support
* test_runner:
+ add t.after() hook
+ don't use a symbol for runHook()
* tls:
+ add "ca" property to certificate object
* util:
+ add fast path for utf8 encoding
+ improve textdecoder decode performance
+ add MIME utilities
- Fixes compatibility with ICU 72.1 (bsc#1205236)
- Fix migration to openssl-3 (bsc#1205042)
Update to NodeJS 18.12.1 LTS:
* inspector: DNS rebinding in --inspect via invalid octal IP
(bsc#1205119, CVE-2022-43548)
Update to NodeJS 18.12.0 LTS:
* Running in 'watch' mode using node --watch restarts the process
when an imported file is changed.
* fs: add FileHandle.prototype.readLines
* http: add writeEarlyHints function to ServerResponse
* http2: make early hints generic
* util: add default value option to parsearg
Update to NodeJS 18.11.0:
* added experimental watch mode -- running in 'watch' mode using
node --watch restarts the process when an imported file is changed
* fs: add FileHandle.prototype.readLines
* http: add writeEarlyHints function to ServerResponse
* http2: make early hints generic
* lib: refactor transferable AbortSignal
* src: add detailed embedder process initialization API
* util: add default value option to parsearg
Update to NodeJS 18.10.0:
* deps: upgrade npm to 8.19.2
* http: throw error on content-length mismatch
* stream: add ReadableByteStream.tee()
Update to Nodejs 18.9.1:
* deps: llhttp updated to 6.0.10
+ CVE-2022-32213 bypass via obs-fold mechanic (bsc#1201325)
+ Incorrect Parsing of Multi-line Transfer-Encoding
(CVE-2022-32215, bsc#1201327)
+ Incorrect Parsing of Header Fields (CVE-2022-35256, bsc#1203832)
* crypto: fix weak randomness in WebCrypto keygen
(CVE-2022-35255, bsc#1203831)
Update to Nodejs 18.9.0:
* lib - add diagnostics channel for process and worker
* os - add machine method
* report - expose report public native apis
* src - expose environment RequestInterrupt api
* vm - include vm context in the embedded snapshot
Changes in 18.8.0:
* bootstrap: implement run-time user-land snapshots via
--build-snapshot and --snapshot-blob. See
* crypto:
+ allow zero-length IKM in HKDF and in webcrypto PBKDF2
+ allow zero-length secret KeyObject
* deps: upgrade npm to 8.18.0
* http: make idle http parser count configurable
* net: add local family
* src: print source map error source on demand
* tls: pass a valid socket on tlsClientError
Update to Nodejs 18.7.0:
* events: add CustomEvent
* http: add drop request event for http server
* lib: improved diagnostics_channel subscribe/unsubscribe
* util: add tokens to parseArgs
- enable crypto policy ciphers for TW and SLE15 SP4+ (bsc#1200303)
Update to Nodejs 18.6.0:
* Experimental ESM Loader Hooks API. For details see,
https://nodejs.org/api/esm.html
* dns: export error code constants from dns/promises
* esm: add chaining to loaders
* http: add diagnostics channel for http client
* http: add perf_hooks detail for http request and client
* module: add isBuiltIn method
* net: add drop event for net server
* test_runner: expose describe and it
* v8: add v8.startupSnapshot utils
For details, see
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.6.0
Update to Nodejs 18.5.0:
* http: stricter Transfer-Encoding and header separator parsing
(bsc#1201325, bsc#1201326, bsc#1201327,
CVE-2022-32213, CVE-2022-32214, CVE-2022-32215)
* src: fix IPv4 validation in inspector_socket
(bsc#1201328, CVE-2022-32212)
For details, see
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.5.0
Update to Nodejs 18.4.0. For detailed changes see,
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.4.0
Initial packaging of Nodejs 18.2.0. For detailed changes since previous versions, see
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V18.md#18.2.0
corepack18-18.13.0-150400.9.3.1.x86_64.rpm
nodejs18-18.13.0-150400.9.3.1.src.rpm
nodejs18-18.13.0-150400.9.3.1.x86_64.rpm
nodejs18-devel-18.13.0-150400.9.3.1.x86_64.rpm
nodejs18-docs-18.13.0-150400.9.3.1.noarch.rpm
npm18-18.13.0-150400.9.3.1.x86_64.rpm
corepack18-18.13.0-150400.9.3.1.s390x.rpm
nodejs18-18.13.0-150400.9.3.1.s390x.rpm
nodejs18-devel-18.13.0-150400.9.3.1.s390x.rpm
npm18-18.13.0-150400.9.3.1.s390x.rpm
corepack18-18.13.0-150400.9.3.1.aarch64.rpm
nodejs18-18.13.0-150400.9.3.1.aarch64.rpm
nodejs18-devel-18.13.0-150400.9.3.1.aarch64.rpm
npm18-18.13.0-150400.9.3.1.aarch64.rpm
openSUSE-SLE-15.5-2023-1954
Recommended update for xmlsec1
low
SUSE Updates openSUSE-SLE 15.5
This update for xmlsec1 fixes the following issue:
- Ship missing xmlsec1 to synchronize its version across different products (bsc#1201617)
libxmlsec1-1-1.2.28-150100.7.13.4.x86_64.rpm
libxmlsec1-gcrypt1-1.2.28-150100.7.13.4.x86_64.rpm
libxmlsec1-gnutls1-1.2.28-150100.7.13.4.x86_64.rpm
libxmlsec1-nss1-1.2.28-150100.7.13.4.x86_64.rpm
libxmlsec1-openssl1-1.2.28-150100.7.13.4.x86_64.rpm
xmlsec1-1.2.28-150100.7.13.4.src.rpm
xmlsec1-1.2.28-150100.7.13.4.x86_64.rpm
xmlsec1-devel-1.2.28-150100.7.13.4.x86_64.rpm
xmlsec1-gcrypt-devel-1.2.28-150100.7.13.4.x86_64.rpm
xmlsec1-gnutls-devel-1.2.28-150100.7.13.4.x86_64.rpm
xmlsec1-nss-devel-1.2.28-150100.7.13.4.x86_64.rpm
xmlsec1-openssl-devel-1.2.28-150100.7.13.4.x86_64.rpm
libxmlsec1-1-1.2.28-150100.7.13.4.s390x.rpm
libxmlsec1-gcrypt1-1.2.28-150100.7.13.4.s390x.rpm
libxmlsec1-gnutls1-1.2.28-150100.7.13.4.s390x.rpm
libxmlsec1-nss1-1.2.28-150100.7.13.4.s390x.rpm
libxmlsec1-openssl1-1.2.28-150100.7.13.4.s390x.rpm
xmlsec1-1.2.28-150100.7.13.4.s390x.rpm
xmlsec1-devel-1.2.28-150100.7.13.4.s390x.rpm
xmlsec1-gcrypt-devel-1.2.28-150100.7.13.4.s390x.rpm
xmlsec1-gnutls-devel-1.2.28-150100.7.13.4.s390x.rpm
xmlsec1-nss-devel-1.2.28-150100.7.13.4.s390x.rpm
xmlsec1-openssl-devel-1.2.28-150100.7.13.4.s390x.rpm
libxmlsec1-1-1.2.28-150100.7.13.4.ppc64le.rpm
libxmlsec1-gcrypt1-1.2.28-150100.7.13.4.ppc64le.rpm
libxmlsec1-gnutls1-1.2.28-150100.7.13.4.ppc64le.rpm
libxmlsec1-nss1-1.2.28-150100.7.13.4.ppc64le.rpm
libxmlsec1-openssl1-1.2.28-150100.7.13.4.ppc64le.rpm
xmlsec1-1.2.28-150100.7.13.4.ppc64le.rpm
xmlsec1-devel-1.2.28-150100.7.13.4.ppc64le.rpm
xmlsec1-gcrypt-devel-1.2.28-150100.7.13.4.ppc64le.rpm
xmlsec1-gnutls-devel-1.2.28-150100.7.13.4.ppc64le.rpm
xmlsec1-nss-devel-1.2.28-150100.7.13.4.ppc64le.rpm
xmlsec1-openssl-devel-1.2.28-150100.7.13.4.ppc64le.rpm
libxmlsec1-1-1.2.28-150100.7.13.4.aarch64.rpm
libxmlsec1-gcrypt1-1.2.28-150100.7.13.4.aarch64.rpm
libxmlsec1-gnutls1-1.2.28-150100.7.13.4.aarch64.rpm
libxmlsec1-nss1-1.2.28-150100.7.13.4.aarch64.rpm
libxmlsec1-openssl1-1.2.28-150100.7.13.4.aarch64.rpm
xmlsec1-1.2.28-150100.7.13.4.aarch64.rpm
xmlsec1-devel-1.2.28-150100.7.13.4.aarch64.rpm
xmlsec1-gcrypt-devel-1.2.28-150100.7.13.4.aarch64.rpm
xmlsec1-gnutls-devel-1.2.28-150100.7.13.4.aarch64.rpm
xmlsec1-nss-devel-1.2.28-150100.7.13.4.aarch64.rpm
xmlsec1-openssl-devel-1.2.28-150100.7.13.4.aarch64.rpm
openSUSE-SLE-15.5-2023-2383
Recommended update for jansi
moderate
SUSE Updates openSUSE-SLE 15.5
This update for jansi contains the following fix:
- Fetch sources using source_service and don't distribute legally
spurious files. (bsc#1210877)
jansi-2.4.0-150200.3.7.1.src.rpm
jansi-2.4.0-150200.3.7.1.x86_64.rpm
jansi-javadoc-2.4.0-150200.3.7.1.noarch.rpm
jansi-2.4.0-150200.3.7.1.s390x.rpm
jansi-2.4.0-150200.3.7.1.ppc64le.rpm
jansi-2.4.0-150200.3.7.1.aarch64.rpm
openSUSE-SLE-15.5-2023-2296
Security update for openvswitch
important
SUSE Updates openSUSE-SLE 15.5
This update for openvswitch fixes the following issues:
- CVE-2023-1668: Fixed remote traffic denial of service via crafted packets with IP proto 0 (bsc#1210054).
libopenvswitch-2_14-0-2.14.2-150400.24.9.1.x86_64.rpm
libovn-20_06-0-20.06.2-150400.24.9.1.x86_64.rpm
openvswitch-2.14.2-150400.24.9.1.src.rpm
openvswitch-2.14.2-150400.24.9.1.x86_64.rpm
openvswitch-devel-2.14.2-150400.24.9.1.x86_64.rpm
openvswitch-doc-2.14.2-150400.24.9.1.noarch.rpm
openvswitch-ipsec-2.14.2-150400.24.9.1.x86_64.rpm
openvswitch-pki-2.14.2-150400.24.9.1.x86_64.rpm
openvswitch-test-2.14.2-150400.24.9.1.x86_64.rpm
openvswitch-vtep-2.14.2-150400.24.9.1.x86_64.rpm
ovn-20.06.2-150400.24.9.1.x86_64.rpm
ovn-central-20.06.2-150400.24.9.1.x86_64.rpm
ovn-devel-20.06.2-150400.24.9.1.x86_64.rpm
ovn-doc-20.06.2-150400.24.9.1.noarch.rpm
ovn-docker-20.06.2-150400.24.9.1.x86_64.rpm
ovn-host-20.06.2-150400.24.9.1.x86_64.rpm
ovn-vtep-20.06.2-150400.24.9.1.x86_64.rpm
python3-ovs-2.14.2-150400.24.9.1.x86_64.rpm
libopenvswitch-2_14-0-2.14.2-150400.24.9.1.s390x.rpm
libovn-20_06-0-20.06.2-150400.24.9.1.s390x.rpm
openvswitch-2.14.2-150400.24.9.1.s390x.rpm
openvswitch-devel-2.14.2-150400.24.9.1.s390x.rpm
openvswitch-ipsec-2.14.2-150400.24.9.1.s390x.rpm
openvswitch-pki-2.14.2-150400.24.9.1.s390x.rpm
openvswitch-test-2.14.2-150400.24.9.1.s390x.rpm
openvswitch-vtep-2.14.2-150400.24.9.1.s390x.rpm
ovn-20.06.2-150400.24.9.1.s390x.rpm
ovn-central-20.06.2-150400.24.9.1.s390x.rpm
ovn-devel-20.06.2-150400.24.9.1.s390x.rpm
ovn-docker-20.06.2-150400.24.9.1.s390x.rpm
ovn-host-20.06.2-150400.24.9.1.s390x.rpm
ovn-vtep-20.06.2-150400.24.9.1.s390x.rpm
python3-ovs-2.14.2-150400.24.9.1.s390x.rpm
libopenvswitch-2_14-0-2.14.2-150400.24.9.1.ppc64le.rpm
libovn-20_06-0-20.06.2-150400.24.9.1.ppc64le.rpm
openvswitch-2.14.2-150400.24.9.1.ppc64le.rpm
openvswitch-devel-2.14.2-150400.24.9.1.ppc64le.rpm
openvswitch-ipsec-2.14.2-150400.24.9.1.ppc64le.rpm
openvswitch-pki-2.14.2-150400.24.9.1.ppc64le.rpm
openvswitch-test-2.14.2-150400.24.9.1.ppc64le.rpm
openvswitch-vtep-2.14.2-150400.24.9.1.ppc64le.rpm
ovn-20.06.2-150400.24.9.1.ppc64le.rpm
ovn-central-20.06.2-150400.24.9.1.ppc64le.rpm
ovn-devel-20.06.2-150400.24.9.1.ppc64le.rpm
ovn-docker-20.06.2-150400.24.9.1.ppc64le.rpm
ovn-host-20.06.2-150400.24.9.1.ppc64le.rpm
ovn-vtep-20.06.2-150400.24.9.1.ppc64le.rpm
python3-ovs-2.14.2-150400.24.9.1.ppc64le.rpm
libopenvswitch-2_14-0-2.14.2-150400.24.9.1.aarch64.rpm
libovn-20_06-0-20.06.2-150400.24.9.1.aarch64.rpm
openvswitch-2.14.2-150400.24.9.1.aarch64.rpm
openvswitch-devel-2.14.2-150400.24.9.1.aarch64.rpm
openvswitch-ipsec-2.14.2-150400.24.9.1.aarch64.rpm
openvswitch-pki-2.14.2-150400.24.9.1.aarch64.rpm
openvswitch-test-2.14.2-150400.24.9.1.aarch64.rpm
openvswitch-vtep-2.14.2-150400.24.9.1.aarch64.rpm
ovn-20.06.2-150400.24.9.1.aarch64.rpm
ovn-central-20.06.2-150400.24.9.1.aarch64.rpm
ovn-devel-20.06.2-150400.24.9.1.aarch64.rpm
ovn-docker-20.06.2-150400.24.9.1.aarch64.rpm
ovn-host-20.06.2-150400.24.9.1.aarch64.rpm
ovn-vtep-20.06.2-150400.24.9.1.aarch64.rpm
python3-ovs-2.14.2-150400.24.9.1.aarch64.rpm
openSUSE-SLE-15.5-2023-2313
Security update for c-ares
important
SUSE Updates openSUSE-SLE 15.5
This update for c-ares fixes the following issues:
Update to version 1.19.1:
- CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604)
- CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605)
- CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606)
- CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607)
- Fix uninitialized memory warning in test
- ares_getaddrinfo() should allow a port of 0
- Fix memory leak in ares_send() on error
- Fix comment style in ares_data.h
- Fix typo in ares_init_options.3
- Sync ax_pthread.m4 with upstream
- Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
c-ares-1.19.1-150000.3.23.1.src.rpm
c-ares-devel-1.19.1-150000.3.23.1.x86_64.rpm
c-ares-utils-1.19.1-150000.3.23.1.x86_64.rpm
libcares2-1.19.1-150000.3.23.1.x86_64.rpm
libcares2-32bit-1.19.1-150000.3.23.1.x86_64.rpm
c-ares-devel-1.19.1-150000.3.23.1.s390x.rpm
c-ares-utils-1.19.1-150000.3.23.1.s390x.rpm
libcares2-1.19.1-150000.3.23.1.s390x.rpm
c-ares-devel-1.19.1-150000.3.23.1.ppc64le.rpm
c-ares-utils-1.19.1-150000.3.23.1.ppc64le.rpm
libcares2-1.19.1-150000.3.23.1.ppc64le.rpm
c-ares-devel-1.19.1-150000.3.23.1.aarch64.rpm
c-ares-utils-1.19.1-150000.3.23.1.aarch64.rpm
libcares2-1.19.1-150000.3.23.1.aarch64.rpm
openSUSE-SLE-15.5-2023-2390
Security update for apache-commons-fileupload
important
SUSE Updates openSUSE-SLE 15.5
This update for apache-commons-fileupload fixes the following issues:
Updated to version 1.5:
- CVE-2023-24998: Added a configurable maximum number of files to
upload per request (bsc#1208513).
apache-commons-fileupload-1.5-150200.3.9.1.noarch.rpm
apache-commons-fileupload-1.5-150200.3.9.1.src.rpm
apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch.rpm
openSUSE-SLE-15.5-2023-2312
Security update for go1.18-openssl
important
SUSE Updates openSUSE-SLE 15.5
This update for go1.18-openssl fixes the following issues:
- Add subpackage go1.x-libstd compiled shared object libstd.so (jsc#PED-1962)
* Main go1.x package included libstd.so in previous versions
* Split libstd.so into subpackage that can be installed standalone
* Continues the slimming down of main go1.x package by 40 Mb
* Experimental and not recommended for general use, Go currently has no ABI
* Upstream Go has not committed to support buildmode=shared long-term
* Do not use in packaging, build static single binaries (the default)
* Upstream Go go1.x binary releases do not include libstd.so
* go1.x Suggests go1.x-libstd so not installed by default Recommends
* go1.x-libstd does not Require: go1.x so can install standalone
* Provides go-libstd unversioned package name
* Fix build step -buildmode=shared std to omit -linkshared
- Packaging improvements:
* go1.x Suggests go1.x-doc so not installed by default Recommends
* Use Group: Development/Languages/Go instead of Other
- Improvements to go1.x packaging spec:
* On Tumbleweed bootstrap with current default gcc13 and gccgo118
* On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap
using go1.x package (%bcond_without gccgo). This is no longer
needed on current SLE-12:Update and removing will consolidate
the build configurations used.
* Change source URLs to go.dev as per Go upstream
* On x86_64 export GOAMD64=v1 as per the current baseline.
At this time forgo GOAMD64=v3 option for x86_64_v3 support.
* On x86_64 %define go_amd64=v1 as current instruction baseline
- Update to version 1.18.10.1 cut from the go1.18-openssl-fips
branch at the revision tagged go1.18.10-1-openssl-fips.
* Merge branch dev.boringcrypto.go1.18 into go1.18-openssl-fips
* Merge go1.18.10 into dev.boringcrypto.go1.18
- go1.18.10 (released 2023-01-10) includes fixes to cgo, the
compiler, the linker, and the crypto/x509, net/http, and syscall
packages.
Refs bsc#1193742 go1.18 release tracking
* go#57705 misc/cgo: backport needed for dlltool fix
* go#57426 crypto/x509: Verify on macOS does not return typed errors
* go#57344 cmd/compile: the loong64 intrinsic for CompareAndSwapUint32 function needs to sign extend its "old" argument.
* go#57338 syscall, internal/poll: accept4-to-accept fallback removal broke Go code on Synology DSM 6.2 ARM devices
* go#57213 os: TestLstat failure on Linux Aarch64
* go#57211 reflect: sort.SliceStable sorts incorrectly on arm64 with less function created with reflect.MakeFunc and slice of sufficient length
* go#57057 cmd/go: remove test dependency on gopkg.in service
* go#57054 cmd/go: TestScript/version_buildvcs_git_gpg (if enabled) fails on linux longtest builders
* go#57044 cgo: malformed DWARF TagVariable entry
* go#57028 cmd/cgo: Wrong types in compiler errors with clang 14
* go#56833 cmd/link/internal/ppc64: too-far trampoline is reused
* go#56711 net: reenable TestLookupDotsWithRemoteSource and TestLookupGoogleSRV with a different target
* go#56323 net/http: bad handling of HEAD requests with a body
go1.18-openssl-1.18.10.1-150000.1.9.1.src.rpm
go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64.rpm
go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64.rpm
go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64.rpm
go1.18-openssl-1.18.10.1-150000.1.9.1.s390x.rpm
go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x.rpm
go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le.rpm
go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le.rpm
go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64.rpm
go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64.rpm
go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64.rpm
openSUSE-SLE-15.5-2023-2347
Security update for cups
important
SUSE Updates openSUSE-SLE 15.5
This update for cups fixes the following issues:
- CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643).
cups-2.2.7-150000.3.43.1.src.rpm
cups-2.2.7-150000.3.43.1.x86_64.rpm
cups-client-2.2.7-150000.3.43.1.x86_64.rpm
cups-config-2.2.7-150000.3.43.1.x86_64.rpm
cups-ddk-2.2.7-150000.3.43.1.x86_64.rpm
cups-devel-2.2.7-150000.3.43.1.x86_64.rpm
cups-devel-32bit-2.2.7-150000.3.43.1.x86_64.rpm
libcups2-2.2.7-150000.3.43.1.x86_64.rpm
libcups2-32bit-2.2.7-150000.3.43.1.x86_64.rpm
libcupscgi1-2.2.7-150000.3.43.1.x86_64.rpm
libcupscgi1-32bit-2.2.7-150000.3.43.1.x86_64.rpm
libcupsimage2-2.2.7-150000.3.43.1.x86_64.rpm
libcupsimage2-32bit-2.2.7-150000.3.43.1.x86_64.rpm
libcupsmime1-2.2.7-150000.3.43.1.x86_64.rpm
libcupsmime1-32bit-2.2.7-150000.3.43.1.x86_64.rpm
libcupsppdc1-2.2.7-150000.3.43.1.x86_64.rpm
libcupsppdc1-32bit-2.2.7-150000.3.43.1.x86_64.rpm
cups-2.2.7-150000.3.43.1.s390x.rpm
cups-client-2.2.7-150000.3.43.1.s390x.rpm
cups-config-2.2.7-150000.3.43.1.s390x.rpm
cups-ddk-2.2.7-150000.3.43.1.s390x.rpm
cups-devel-2.2.7-150000.3.43.1.s390x.rpm
libcups2-2.2.7-150000.3.43.1.s390x.rpm
libcupscgi1-2.2.7-150000.3.43.1.s390x.rpm
libcupsimage2-2.2.7-150000.3.43.1.s390x.rpm
libcupsmime1-2.2.7-150000.3.43.1.s390x.rpm
libcupsppdc1-2.2.7-150000.3.43.1.s390x.rpm
cups-2.2.7-150000.3.43.1.ppc64le.rpm
cups-client-2.2.7-150000.3.43.1.ppc64le.rpm
cups-config-2.2.7-150000.3.43.1.ppc64le.rpm
cups-ddk-2.2.7-150000.3.43.1.ppc64le.rpm
cups-devel-2.2.7-150000.3.43.1.ppc64le.rpm
libcups2-2.2.7-150000.3.43.1.ppc64le.rpm
libcupscgi1-2.2.7-150000.3.43.1.ppc64le.rpm
libcupsimage2-2.2.7-150000.3.43.1.ppc64le.rpm
libcupsmime1-2.2.7-150000.3.43.1.ppc64le.rpm
libcupsppdc1-2.2.7-150000.3.43.1.ppc64le.rpm
cups-2.2.7-150000.3.43.1.aarch64.rpm
cups-client-2.2.7-150000.3.43.1.aarch64.rpm
cups-config-2.2.7-150000.3.43.1.aarch64.rpm
cups-ddk-2.2.7-150000.3.43.1.aarch64.rpm
cups-devel-2.2.7-150000.3.43.1.aarch64.rpm
libcups2-2.2.7-150000.3.43.1.aarch64.rpm
libcupscgi1-2.2.7-150000.3.43.1.aarch64.rpm
libcupsimage2-2.2.7-150000.3.43.1.aarch64.rpm
libcupsmime1-2.2.7-150000.3.43.1.aarch64.rpm
libcupsppdc1-2.2.7-150000.3.43.1.aarch64.rpm
openSUSE-SLE-15.5-2023-2334
Security update for tiff
moderate
SUSE Updates openSUSE-SLE 15.5
This update for tiff fixes the following issues:
Fixed multiple out of bounds read/write security issues:
CVE-2023-0795 (bsc#1208226), CVE-2023-0796 (bsc#1208227), CVE-2023-0797 (bsc#1208228),
CVE-2023-0798 (bsc#1208229), CVE-2023-0799 (bsc#1208230), CVE-2023-0800 (bsc#1208231),
CVE-2023-0801 (bsc#1208232), CVE-2023-0802 (bsc#1208233), CVE-2023-0803 (bsc#1208234),
CVE-2023-0804 (bsc#1208236).
libtiff-devel-32bit-4.0.9-150000.45.28.1.x86_64.rpm
libtiff-devel-4.0.9-150000.45.28.1.x86_64.rpm
libtiff5-32bit-4.0.9-150000.45.28.1.x86_64.rpm
libtiff5-4.0.9-150000.45.28.1.x86_64.rpm
tiff-4.0.9-150000.45.28.1.src.rpm
tiff-4.0.9-150000.45.28.1.x86_64.rpm
libtiff-devel-4.0.9-150000.45.28.1.s390x.rpm
libtiff5-4.0.9-150000.45.28.1.s390x.rpm
tiff-4.0.9-150000.45.28.1.s390x.rpm
libtiff-devel-4.0.9-150000.45.28.1.ppc64le.rpm
libtiff5-4.0.9-150000.45.28.1.ppc64le.rpm
tiff-4.0.9-150000.45.28.1.ppc64le.rpm
libtiff-devel-4.0.9-150000.45.28.1.aarch64.rpm
libtiff5-4.0.9-150000.45.28.1.aarch64.rpm
tiff-4.0.9-150000.45.28.1.aarch64.rpm
openSUSE-SLE-15.5-2023-2331
Security update for openssl-1_0_0
important
SUSE Updates openSUSE-SLE 15.5
This update for openssl-1_0_0 fixes the following issues:
- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).
libopenssl-1_0_0-devel-1.0.2p-150000.3.76.1.x86_64.rpm
libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.76.1.x86_64.rpm
libopenssl10-1.0.2p-150000.3.76.1.x86_64.rpm
libopenssl1_0_0-1.0.2p-150000.3.76.1.x86_64.rpm
libopenssl1_0_0-32bit-1.0.2p-150000.3.76.1.x86_64.rpm
libopenssl1_0_0-hmac-1.0.2p-150000.3.76.1.x86_64.rpm
libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.76.1.x86_64.rpm
libopenssl1_0_0-steam-1.0.2p-150000.3.76.1.x86_64.rpm
libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.76.1.x86_64.rpm
openssl-1_0_0-1.0.2p-150000.3.76.1.src.rpm
openssl-1_0_0-1.0.2p-150000.3.76.1.x86_64.rpm
openssl-1_0_0-cavs-1.0.2p-150000.3.76.1.x86_64.rpm
openssl-1_0_0-doc-1.0.2p-150000.3.76.1.noarch.rpm
libopenssl-1_0_0-devel-1.0.2p-150000.3.76.1.s390x.rpm
libopenssl10-1.0.2p-150000.3.76.1.s390x.rpm
libopenssl1_0_0-1.0.2p-150000.3.76.1.s390x.rpm
libopenssl1_0_0-hmac-1.0.2p-150000.3.76.1.s390x.rpm
libopenssl1_0_0-steam-1.0.2p-150000.3.76.1.s390x.rpm
openssl-1_0_0-1.0.2p-150000.3.76.1.s390x.rpm
openssl-1_0_0-cavs-1.0.2p-150000.3.76.1.s390x.rpm
libopenssl-1_0_0-devel-1.0.2p-150000.3.76.1.ppc64le.rpm
libopenssl10-1.0.2p-150000.3.76.1.ppc64le.rpm
libopenssl1_0_0-1.0.2p-150000.3.76.1.ppc64le.rpm
libopenssl1_0_0-hmac-1.0.2p-150000.3.76.1.ppc64le.rpm
libopenssl1_0_0-steam-1.0.2p-150000.3.76.1.ppc64le.rpm
openssl-1_0_0-1.0.2p-150000.3.76.1.ppc64le.rpm
openssl-1_0_0-cavs-1.0.2p-150000.3.76.1.ppc64le.rpm
libopenssl-1_0_0-devel-1.0.2p-150000.3.76.1.aarch64.rpm
libopenssl10-1.0.2p-150000.3.76.1.aarch64.rpm
libopenssl1_0_0-1.0.2p-150000.3.76.1.aarch64.rpm
libopenssl1_0_0-hmac-1.0.2p-150000.3.76.1.aarch64.rpm
libopenssl1_0_0-steam-1.0.2p-150000.3.76.1.aarch64.rpm
openssl-1_0_0-1.0.2p-150000.3.76.1.aarch64.rpm
openssl-1_0_0-cavs-1.0.2p-150000.3.76.1.aarch64.rpm
openSUSE-SLE-15.5-2023-2320
Security update for wireshark
moderate
SUSE Updates openSUSE-SLE 15.5
This update for wireshark fixes the following issues:
Updated to version 3.6.14:
- CVE-2023-2855: Fixed a crash in the Candump log file parser
(boo#1211703).
- CVE-2023-2856: Fixed a crash in the VMS TCPIPtrace file parser
(boo#1211707).
- CVE-2023-2857: Fixed a crash in the BLF file parser (boo#1211705).
- CVE-2023-2858: Fixed a crash in the NetScaler file parser
(boo#1211706).
- CVE-2023-0668: Fixed a crash in the IEEE C37.118 Synchrophasor
dissector (boo#1211710).
- CVE-2023-2879: GDSDB dissector infinite loop (boo#1211793).
Further features, bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-3.6.14.html
libwireshark15-3.6.14-150000.3.92.1.x86_64.rpm
libwiretap12-3.6.14-150000.3.92.1.x86_64.rpm
libwsutil13-3.6.14-150000.3.92.1.x86_64.rpm
wireshark-3.6.14-150000.3.92.1.src.rpm
wireshark-3.6.14-150000.3.92.1.x86_64.rpm
wireshark-devel-3.6.14-150000.3.92.1.x86_64.rpm
wireshark-ui-qt-3.6.14-150000.3.92.1.x86_64.rpm
libwireshark15-3.6.14-150000.3.92.1.s390x.rpm
libwiretap12-3.6.14-150000.3.92.1.s390x.rpm
libwsutil13-3.6.14-150000.3.92.1.s390x.rpm
wireshark-3.6.14-150000.3.92.1.s390x.rpm
wireshark-devel-3.6.14-150000.3.92.1.s390x.rpm
wireshark-ui-qt-3.6.14-150000.3.92.1.s390x.rpm
libwireshark15-3.6.14-150000.3.92.1.ppc64le.rpm
libwiretap12-3.6.14-150000.3.92.1.ppc64le.rpm
libwsutil13-3.6.14-150000.3.92.1.ppc64le.rpm
wireshark-3.6.14-150000.3.92.1.ppc64le.rpm
wireshark-devel-3.6.14-150000.3.92.1.ppc64le.rpm
wireshark-ui-qt-3.6.14-150000.3.92.1.ppc64le.rpm
libwireshark15-3.6.14-150000.3.92.1.aarch64.rpm
libwiretap12-3.6.14-150000.3.92.1.aarch64.rpm
libwsutil13-3.6.14-150000.3.92.1.aarch64.rpm
wireshark-3.6.14-150000.3.92.1.aarch64.rpm
wireshark-devel-3.6.14-150000.3.92.1.aarch64.rpm
wireshark-ui-qt-3.6.14-150000.3.92.1.aarch64.rpm
openSUSE-SLE-15.5-2023-2381
Recommended update for bouncycastle
moderate
SUSE Updates openSUSE-SLE 15.5
This update for bouncycastle fixes the following issues:
bouncycastle was updated to version 1.73: [jsc#PED-3756]
Defects Fixed:
- BCJSSE: Instantiating a JSSE provider in some contexts could
cause an AccessControl exception.
- The EC key pair generator can generate out of range private
keys when used with SM2. A specific SM2KeyPairGenerator has
been added to the low-level API and is used by
KeyPairGenerator.getInstance("SM2", "BC"). The SM2 signer has
been updated to check for out of range keys as well.
- The attached signature type byte was still present in Falcon
signatures as well as the detached signature byte.
- There was an off-by-one error in engineGetOutputSize() for ECIES.
- The method for invoking read() internally in BCPGInputStream
could result in inconsistent behaviour if the class was extended.
- Fixed a rounding issue with FF1 Format Preserving Encryption
algorithm for certain radices.
- Fixed RFC3394WrapEngine handling of 64 bit keys.
- Internal buffer for blake2sp was too small and could result in
an ArrayIndexOutOfBoundsException.
- JCA PSS Signatures using SHAKE128 and SHAKE256 now support
encoding of algorithm parameters.
- PKCS10CertificationRequest now checks for empty extension
parameters.
- Parsing errors in the processing of PGP Armored Data now throw
an explicit exception ArmoredInputException.
- PGP AEAD streams could occasionally be truncated.
- The ESTService class now supports processing of chunked HTTP data.
- A constructed ASN.1 OCTET STRING with a single member would
sometimes be re-encoded as a definite-length OCTET STRING. The
encoding has been adjusted to preserve the BER status of the object.
- PKIXCertPathReviewer could fail if the trust anchor was also
included in the certificate store being used for path analysis.
- UTF-8 parsing of an array range ignored the provided length.
- IPAddress has been written to provide stricter checking and
avoid the use of Integer.parseInt().
- A Java 7 class snuck into the Java 5 to Java 8 build.
Additional Features and Functionality:
- The Rainbow NIST Post Quantum Round-3 Candidate has been added to
the low-level API and the BCPQC provider (level 3 and level 5
parameter sets only).
- The GeMSS NIST Post Quantum Round-3 Candidate has been added to
the low-level API.
- The org.bouncycastle.rsa.max_mr_tests property check has been
added to allow capping of MR tests done on RSA moduli.
- Significant performance improvements in PQC algorithms,
especially BIKE, CMCE, Frodo, HQC, Picnic.
- EdDSA verification now conforms to the recommendations of Taming
the many EdDSAs, in particular cofactored verification. As a side
benefit, Pornin's basis reduction is now used for EdDSA
verification, giving a significant performance boost.
- Major performance improvements for Anomalous Binary (Koblitz) Curves.
- The lightweight Cryptography finalists Ascon, ISAP, Elephant,
PhotonBeetle, Sparkle, and Xoodyak have been added to the
light-weight cryptography API.
- BLAKE2bp and BLAKE2sp have been added to the light-weight
cryptography API.
- Support has been added for X.509, Section 9.8, hybrid certificates
and CRLs using alternate public keys and alternate signatures.
- The property "org.bouncycastle.emulate.oracle" has been added to
signal the provider should return algorithm names on some algorithms
in the same manner as the Oracle JCE provider.
- An extra replaceSigners method has been added to CMSSignedData
which allows for specifying the digest algorithm IDs to be used
in the new CMSSignedData object.
- Parsing and re-encoding of ASN.1 PEM data has been further
optimized to prevent unnecessary conversions between basic encoding,
definite length, and DER.
- Support has been added for KEM ciphers in CMS in accordance with
draft-ietf-lamps-cms-kemri
- Support has been added for certEncr in CRMF to allow issuing of
certificates for KEM public keys.
- Further speedups have been made to CRC24.
- GCMParameterSpec constructor caching has been added to improve
performance for JVMs that have the class available.
- The PGPEncryptedDataGenerator now supports injecting the session
key to be used for PGP PBE encrypted data.
- The CRMF CertificateRequestMessageBuilder now supports optional
attributes.
- Improvements to the s calculation in JPAKE.
- A general purpose PQCOtherInfoGenerator has been added which
supports all Kyber and NTRU.
- An implementation of HPKE (RFC 9180 - Hybrid Public Key
Encryption) has been added to the light-weight cryptography API.
Security Advisories:
- The PQC implementations have now been subject to formal review for
secret leakage and side channels, there were issues in BIKE, Falcon,
Frodo, HQC which have now been fixed. Some weak positives also
showed up in Rainbow, Picnic, SIKE, and GeMSS - for now this last
set has been ignored as the algorithms will either be updated if
they reappear in the Signature Round, or deleted, as is already the
case for SIKE (it is now in the legacy package). Details on the
group responsible for the testing can be found in the CONTRIBUTORS
file.
- For at least some ECIES variants (e.g. when using CBC) there is
an issue with potential malleability of a nonce (implying silent
malleability of the plaintext) that must be sent alongside the
ciphertext but is outside the IES integrity check. For this reason
the automatic generation of nonces with IED is now disabled and
they have to be passed in using an IESParameterSpec. The current
advice is to agree on a nonce between parties and then rely on the
use of the ephemeral key component to allow the nonce (rather the
so called nonce) usage to be extended.
bouncycastle-1.73-150200.3.18.1.noarch.rpm
bouncycastle-1.73-150200.3.18.1.src.rpm
bouncycastle-javadoc-1.73-150200.3.18.1.noarch.rpm
bouncycastle-jmail-1.73-150200.3.18.1.noarch.rpm
bouncycastle-mail-1.73-150200.3.18.1.noarch.rpm
bouncycastle-pg-1.73-150200.3.18.1.noarch.rpm
bouncycastle-pkix-1.73-150200.3.18.1.noarch.rpm
bouncycastle-tls-1.73-150200.3.18.1.noarch.rpm
bouncycastle-util-1.73-150200.3.18.1.noarch.rpm
openSUSE-SLE-15.5-2023-2344
Security update for ImageMagick
important
SUSE Updates openSUSE-SLE 15.5
This update for ImageMagick fixes the following issues:
- CVE-2023-34151: Fixed an undefined behavior issue due to floating
point truncation (bsc#1211791).
- CVE-2023-34153: Fixed a command injection issue when encoding or
decoding VIDEO files (bsc#1211792).
ImageMagick-7.1.0.9-150400.6.21.1.src.rpm
ImageMagick-7.1.0.9-150400.6.21.1.x86_64.rpm
ImageMagick-config-7-SUSE-7.1.0.9-150400.6.21.1.x86_64.rpm
ImageMagick-config-7-upstream-7.1.0.9-150400.6.21.1.x86_64.rpm
ImageMagick-devel-32bit-7.1.0.9-150400.6.21.1.x86_64.rpm
ImageMagick-devel-7.1.0.9-150400.6.21.1.x86_64.rpm
ImageMagick-doc-7.1.0.9-150400.6.21.1.noarch.rpm
ImageMagick-extra-7.1.0.9-150400.6.21.1.x86_64.rpm
libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.21.1.x86_64.rpm
libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.21.1.x86_64.rpm
libMagick++-devel-32bit-7.1.0.9-150400.6.21.1.x86_64.rpm
libMagick++-devel-7.1.0.9-150400.6.21.1.x86_64.rpm
libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.21.1.x86_64.rpm
libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.21.1.x86_64.rpm
libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.21.1.x86_64.rpm
libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.21.1.x86_64.rpm
perl-PerlMagick-7.1.0.9-150400.6.21.1.x86_64.rpm
ImageMagick-7.1.0.9-150400.6.21.1.s390x.rpm
ImageMagick-config-7-SUSE-7.1.0.9-150400.6.21.1.s390x.rpm
ImageMagick-config-7-upstream-7.1.0.9-150400.6.21.1.s390x.rpm
ImageMagick-devel-7.1.0.9-150400.6.21.1.s390x.rpm
ImageMagick-extra-7.1.0.9-150400.6.21.1.s390x.rpm
libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.21.1.s390x.rpm
libMagick++-devel-7.1.0.9-150400.6.21.1.s390x.rpm
libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.21.1.s390x.rpm
libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.21.1.s390x.rpm
perl-PerlMagick-7.1.0.9-150400.6.21.1.s390x.rpm
ImageMagick-7.1.0.9-150400.6.21.1.ppc64le.rpm
ImageMagick-config-7-SUSE-7.1.0.9-150400.6.21.1.ppc64le.rpm
ImageMagick-config-7-upstream-7.1.0.9-150400.6.21.1.ppc64le.rpm
ImageMagick-devel-7.1.0.9-150400.6.21.1.ppc64le.rpm
ImageMagick-extra-7.1.0.9-150400.6.21.1.ppc64le.rpm
libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.21.1.ppc64le.rpm
libMagick++-devel-7.1.0.9-150400.6.21.1.ppc64le.rpm
libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.21.1.ppc64le.rpm
libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.21.1.ppc64le.rpm
perl-PerlMagick-7.1.0.9-150400.6.21.1.ppc64le.rpm
ImageMagick-7.1.0.9-150400.6.21.1.aarch64.rpm
ImageMagick-config-7-SUSE-7.1.0.9-150400.6.21.1.aarch64.rpm
ImageMagick-config-7-upstream-7.1.0.9-150400.6.21.1.aarch64.rpm
ImageMagick-devel-7.1.0.9-150400.6.21.1.aarch64.rpm
ImageMagick-extra-7.1.0.9-150400.6.21.1.aarch64.rpm
libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.21.1.aarch64.rpm
libMagick++-devel-7.1.0.9-150400.6.21.1.aarch64.rpm
libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.21.1.aarch64.rpm
libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.21.1.aarch64.rpm
perl-PerlMagick-7.1.0.9-150400.6.21.1.aarch64.rpm